Re: Another security problem..

[Jim Popovitch <jimpop@xxxxxxxxx>]

Another?  Heck, that's old stuff from quite some time (Internet time) 
ago.  If I had a nickel for every invalid file access attempt..... ;-)

-Jim P.

James Kosin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> - -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> Everyone,
>
> On 19-Oct-05 at about 1:00pm my time, someone from IP 194.150.85.114
> accessed my web-server trying to access a file called
> main.php in the following places:
> 194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET
> /phpmyadmin/main.php HTTP/1.0" 404 304 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET /PMA/main.php
> HTTP/1.0" 404 297 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /mysql/main.php
> HTTP/1.0" 404 299 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /admin/main.php
> HTTP/1.0" 404 299 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /db/main.php
> HTTP/1.0" 404 296 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /dbadmin/main.php
> HTTP/1.0" 404 301 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET
> /web/phpMyAdmin/main.php HTTP/1.0" 404 308 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET
> /admin/pma/main.php HTTP/1.0" 404 303 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET
> /admin/phpmyadmin/main.php HTTP/1.0" 404 310 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET
> /admin/mysql/main.php HTTP/1.0" 404 305 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET
> /mysql-admin/main.php HTTP/1.0" 404 305 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET
> /phpmyadmin2/main.php HTTP/1.0" 404 305 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
> /mysqladmin/main.php HTTP/1.0" 404 304 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
> /mysql-admin/main.php HTTP/1.0" 404 305 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /main.php
> HTTP/1.0" 404 293 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
> /phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 310 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
> /phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 310 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
> /phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 310 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:57 -0400] "GET
> /phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 310 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:57 -0400] "GET
> /phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 310 "-" "pmafind"
>
> Of course, this attack fell on deaf ears on my server....  but, I'd
> like everyone to know since this is a security risk if they do have a
> PHP document configuring some of these administrative tasks open on
> the internet.
>
> Thanks,
> James Kosin
>
> - - --
> - - --
> James Kosin
>
> International Communications Group, Inc.
> 230 Pickett's Line
> Newport News, VA  23603-1366
> - - - United States of America -
>
> Phone: 1(757)947-1030 ext. 122
> Fax  : 1(757)947-1035
>
> - - --
> GPG Fingerprint: 28E9 6487 34B2 18DD 6468 F091 8CD9 2038 DEB0 0590
> GPG Key ID:     0xDEB00590
>
> - -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFDV75UjNkgON6wBZARA6DmAJ9NMxZNiNCvKxy8eBZZQ0D7luLnegCfXDb8
> SYP3+FueDyDnOzdwLLDA2PI=
> =D30R
> - -----END PGP SIGNATURE-----
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFDV757kNLDmnu1kSkRA8uzAJ43tmMFXtvaGW4SC8IOjVbvYFVbzACfbWO/
> 5C3JQsLUIER/lsmoAQbRD8k=
> =Ij0X
> -----END PGP SIGNATURE-----

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list